From cfb2a9848c5264c4c6f9e1d3d5a19b226acc13ae Mon Sep 17 00:00:00 2001
From: Miguel Martinez Trivino
Date: Fri, 17 Apr 2026 01:09:46 +0200
Subject: [PATCH 1/2] fix(nats): honor replicas config for audit stream and log KV bucket replicas

The chainloop-audit JetStream stream was created without a Replicas field, so it always defaulted to 1 regardless of nats_server.replicas. Propagate the configured replica count from the NATS connection so the stream is created (or updated) with the right replication factor. Also include replicas in the NATS KV cache startup log so operators can confirm the value the controlplane is actually requesting.
Signed-off-by: Miguel Martinez Trivino
---
 app/controlplane/pkg/auditor/nats.go | 3 ++-
 pkg/cache/natskv.go | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/controlplane/pkg/auditor/nats.go b/app/controlplane/pkg/auditor/nats.go
index 67f776f76..e32480997 100644
--- a/app/controlplane/pkg/auditor/nats.go
+++ b/app/controlplane/pkg/auditor/nats.go
@@ -71,11 +71,12 @@ func (p *AuditLogPublisher) initJetStream() error {
 if _, err := js.CreateOrUpdateStream(ctx, jetstream.StreamConfig{
 Name: streamName,
 Subjects: []string{subjectName},
+ Replicas: p.rc.Replicas,
 }); err != nil {
 return fmt.Errorf("creating stream: %w", err)
 }

- p.logger.Infow("msg", "stream created or updated", "name", streamName, "subject", subjectName)
+ p.logger.Infow("msg", "stream created or updated", "name", streamName, "subject", subjectName, "replicas", p.rc.Replicas)

 return nil
 }
diff --git a/pkg/cache/natskv.go b/pkg/cache/natskv.go
index a0e8fd163..e70c3cc31 100644
--- a/pkg/cache/natskv.go
+++ b/pkg/cache/natskv.go
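Review bot: In `initJetStream` (app/controlplane/pkg/auditor/nats.go) the new `"replicas"` log field prints the requested `p.rc.Replicas`, while the stream returned by `CreateOrUpdateStream` is still discarded with `_`, so the line cannot confirm the replication factor the audit stream actually ended up with. If the configured value is 0 the server presumably falls back to a single replica, as the commit message describes, and the log would then report 0. Consider keeping the result, `s, err := js.CreateOrUpdateStream(ctx, jetstream.StreamConfig{…})`, and logging `s.CachedInfo().Config.Replicas`. The `cfg.replicas` field added to the log line in pkg/cache/natskv.go is likewise the configured value rather than the one on the bucket. `p.rc` is set outside this hunk and the function body starts above it, so whether `p.rc` can be nil here is not visible.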
@@ -52,7 +52,7 @@ func newNATSKV[T any](cfg *config) (*natsKVCache[T], error) {
 go c.watchReconnect(cfg.reconnCh)
 }

- cfg.logger.Infow("msg", "cache: using NATS KV backend", "bucket", cfg.bucketName, "ttl", cfg.ttl)
+ cfg.logger.Infow("msg", "cache: using NATS KV backend", "bucket", cfg.bucketName, "ttl", cfg.ttl, "replicas", cfg.replicas)

 return c, nil
 }
From 20a9b4c716a0980f311c74083145c982cfaa52d2 Mon Sep 17 00:00:00 2001
From: Miguel Martinez Trivino
Date: Fri, 17 Apr 2026 01:10:53 +0200
Subject: [PATCH 2/2] chore(cache): tune attestation bundle cache to 48h TTL and 200MB max size

Signed-off-by: Miguel Martinez Trivino
---
 pkg/cache/attestationbundle/attestationbundle.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkg/cache/attestationbundle/attestationbundle.go b/pkg/cache/attestationbundle/attestationbundle.go
index b339f67cd..7ee8d6cdc 100644
--- a/pkg/cache/attestationbundle/attestationbundle.go
+++ b/pkg/cache/attestationbundle/attestationbundle.go
@@ -26,8 +26,8 @@ import (
 )

 const (
- ttl = 5 * 24 * time.Hour
- maxBytes = 100 * 1024 * 1024 // 100 MB
+ ttl = 48 * time.Hour
+ maxBytes = 200 * 1024 * 1024 // 200 MB
 bucket = "chainloop-attestation-bundles"
 description = "Cache for attestation bundles"
 )
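Review bot: In pkg/cache/attestationbundle/attestationbundle.go the new `ttl` and `maxBytes` values carry no comment giving the reason for them, and the commit message has none either. Together with the replicas change in patch 1/2, and assuming `maxBytes` becomes the bucket's JetStream size limit, each replica would hold a full copy, so cluster-wide storage is roughly `maxBytes` times the replica count. A comment on `maxBytes` such as `// per-replica limit; total storage is maxBytes × replicas` would record that for whoever sizes the NATS volumes. Whether the new limits are applied to a bucket that already exists depends on the creation code, which is outside this hunk.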